Who are we?
We are Bandicoot Limited, trading as Bandicoot IT and Internet Services and Fernbank Business Centre. We are committed to helping small and medium-sized businesses thrive through efficient, secure and robust IT systems and business infrastructure.
What data do we collect?
You may have given us a business card during networking or information via our website e.g. through “contact us” or by completing the ‘have a question’ form. This may include your name, company name, your job title, your email address, your contact number/s and information about the services or products, or information you are looking for.
The GDPR classes this information as personal data, therefore we will send you an email asking you to confirm that you are happy for us to process your details, or you may have been asked to consent whilst online. If you do not positively opt in, we will immediately delete your details from our system.
We do not collect any sensitive personal data or clients' bank details. Clients pay us directly into our bank account, via BACS, direct debit, PayPal or cheque.
What is the lawful basis for processing the data?
Our lawful basis for processing the personal data we collect via our website or whilst networking is “consent”.
If you are a customer or you contact us to ask for a quote or prices on products or services then the lawful basis will be to fulfil a “contract”.
Will data be shared with any third parties?
No. We do not share data with any third parties unless we are required to by law. We ceased all sharing of information to select and relevant third party suppliers in 2017.
How will the information be used?
Existing and prospective clients who have given us consent will receive emails about special offers, IT tips and useful blogs from us.
We do not undertake any customer profiling and have no intention of sharing data with third parties for marketing purposes. If for any reason we wanted to in the future, your explicit consent will be sought first.
What will happen if you don’t opt in?
Nothing. You simply won’t receive emails about special offers, IT tips and useful blogs from us.
How do you Opt Out?
The fastest way to do this is to use the unsubscribe link contained in the emails we send you. Alternatively you can email our G.D.P.R. Co-ordinator on email@example.com to unsubscribe.
How long will the data be stored for?
We will store data about potential clients (information gathered from the website and in networking situations) for 1 year or until you exercise your right to be forgotten, i.e. by opting out. This period will be extended if you are actively engaging with us and/or we believe you may potentially become a client in the near future. If you do not engage with us for 12 months, we will send you a re-engagement email asking you to confirm that you want to continue to hear from us.
For HMRC purposes, all client details will be removed from our invoicing software 7 years after they cease to be a client. For legal purposes, emails from and to clients providing advice or regarding the supply of goods or services, will be held for 6 years after the last interaction.
Is your data safe?
Your data and any emails we keep will be held in accordance with Article 32 (Security of processing) of the G.D.P.R. This means we apply “appropriate technical and organisational measures” to ensure security, such as storing data on a secure server which has the latest antivirus, is backed up regularly, regularly security patched, protected by a firewall and has strong password protection.
What rights does the data subject have?
You can submit a subject access request to see the data we hold or exercise your right to be forgotten by emailing our G.D.P.R. Co-ordinator at firstname.lastname@example.org.
How can the data subject raise a complaint?
If you wish to complain please email the G.D.P.R. Co-ordinator on email@example.com.
Changes to this Privacy Notice.
This Privacy Notice is effective from 15th May 2018. It will be revised as needed to fully comply with changes in the law.
Should we choose to make any significant changes to this privacy notice you will be asked again to give your explicit consent.
The General Data Protection Regulations.
The person whose data is being held by the Company.
Where a person has taken action to confirm consent, and is not deemed to have accepted something by simply not objecting or by clicking a pre-ticked box.
The right to be forgotten
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and will depend on the circumstances.
Subject access request
A verbal or written request to an organisation for:
- confirmation that you are processing their personal data;
- a copy of their personal data;
- a copy of the organisation’s privacy notice (or equivalent information).
Organisations have to respond without undue delay or at least within 1 month of the request.